Graphical representations of time-ordered data

ABSTRACT

Methods, systems, and computer-storage media are provided for generating graphical representations of audit events. A party-of-interest is represented by a central node, and one or more peripheral nodes surrounding the central node represent parties having electronic records accessed by the party-of-interest during a selected time frame. The size of the peripheral nodes represents a frequency of access of the node&#39;s respective electronic record. Each of the peripheral nodes is actionable enabling a user to view information related to the audit event.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application, having attorney docket number CRNI.181248, claims thebenefit of priority of U.S. Provisional Application No. 61/783,356,filed Mar. 14, 2013 and entitled “Graphical Representations ofTime-Ordered Data.” The entirety of the aforementioned application isincorporated by reference herein.

BACKGROUND

In order to comply with laws governing information security, such as theHealth Insurance Portability and Accountability Act (HIPAA), certaininstitutions must maintain audit logs that track how often customerelectronic records are accessed, the reasons for accessing the records(e.g., documentation, modification, etc.), and the identities of userswho are accessing the electronic records. Examples of institutionsinclude healthcare facilities, financial institutions, educationalinstitutions, and the like.

Most commercial tools for querying audit logs employ some form of reportgeneration based loosely on the concept of relational queries. Many ofthe reports are batch-oriented in nature because of the computationaland input/output demands necessary to conduct the underlying queries. Aswell, these reports are often presented in the form of two-dimensionaltables. While these reports may be sufficient to meet informationsecurity requirements, they are not necessarily intuitive and efficientfor end users nor do they facilitate the exploration of audit eventsrelated to a particular user.

SUMMARY

This Summary is provided to introduce a selection of concepts in asimplified form that are further described below in the DetailedDescription. This Summary is not intended to identify key features oressential features of the claimed subject matter, nor is it intended tobe used as an aid in determining the scope of the claimed subjectmatter. The present invention is defined by the claims.

In brief and at a high level, this disclosure describes, among otherthings, methods, systems, and computer-storage media for presentinggraphical representations of time-ordered audit events. The time-orderedaudit events may represent instances where customer electronic recordshave been accessed by a party-of-interest during a specified time frame.The electronic records may include financial records, educationalrecords, health records, insurance records, and the like.

In one aspect, the party-of-interest is a clinician and the audit eventsrepresent instances where the clinician has accessed patient electronicmedical records (EMRs). For example, a healthcare facility may becomesuspicious of the activities of the clinician, or a patient may havefiled a complaint alleging some sort of privacy breach. In response toeither of these two situations, the healthcare facility may wish to viewan audit log of EMR accesses during a specified time frame and detailsassociated with each access. An intuitive and easy-to-use graphical userinterface (GUI) is needed to facilitate this process.

As such, the present invention provides for a GUI that utilizes, in oneaspect, timelines that enable a user to select a desired time frame, acentral node representing the party-of-interest, and one or moreperipheral nodes representing parties having electronic records thathave been accessed by the party-of-interest during the selected timeframe. As used throughout this application, the term “party-of-interest”refers to a person employed or associated with a facility maintaining anaudit log and who has access rights to electronic records kept by thefacility. Exemplary parties-of-interest include clinicians, bankofficers, teachers, administrators, and the like. The term “party”refers to an entity who receives services provided by the facility. Assuch, the party may refer to a customer, a patient, a student, and thelike. The size of the peripheral nodes provides an indication of howfrequently the electronic records were accessed. As well, both thecentral node and the peripheral nodes are actionable allowing a user toquickly gather information regarding, for example, the identity of theparty-of-interest, the parties, and/or options for viewing additionalinformation regarding the electronic record access.

In another aspect, the present invention provides for a GUI thatutilizes one or more timelines configured to enable a user to select atime frame, a central node representing a party (e.g., a patient who isalleging a privacy breach), and one or more peripheral nodesrepresenting parties-of-interest who have accessed the party'selectronic records during the specified time frame. The size of theperipheral nodes indicates how frequently the party's electronic recordwas accessed by the node's respective party-of-interest Like above, boththe central node and the peripheral nodes are actionable allowing a userto access information regarding, for example, the identity of theparties-of-interest, the party, and/or options for viewing additionalinformation regarding the electronic record access.

In yet another aspect, the present invention provides for a GUI thatutilizes one or more timelines configured to enable a user to select adesired time frame, a display area providing an indication of a partyand a party-of-interest, and a clockwise timeline having one or moreicons overlaid at different points in time; the bounds of the clockwisetimeline correspond to the specified time frame. The icons representdifferent types of audit events associated with the party and theparty-of-interest. For instance, using healthcare as an example, oneaudit event may be the clinician accessing the patient's EMR to order amedication, while another audit event may be the clinician accessing thepatient's EMR to document a clinical note. The icons are actionable, andinteraction with an icon can initiate the presentation of a summary ofthe associated audit event.

BRIEF DESCRIPTION OF THE DRAWINGS

Embodiments are described in detail below with reference to the attacheddrawing figures, wherein:

FIG. 1 is a block diagram of an exemplary computing environment suitableto implement embodiments of the present invention;

FIG. 2 is a block diagram of an exemplary system for visuallyrepresenting time-ordered data related to a party-of-interest suitableto implement embodiments of the present invention;

FIG. 3 is an exemplary graphical user interface having a central noderepresenting a party-of-interest and one or more peripheral nodesrepresenting parties having electronic records accessed by theparty-of-interest during a specified time frame in accordance with anembodiment of the present invention;

FIG. 4 is an exemplary graphical user interface having a central noderepresenting a party and one or more peripheral nodes representingparties-of-interest who have accessed electronic records associated withthe party during a specified time frame in accordance with an embodimentof the present invention; and

FIG. 5 is an exemplary graphical user interface having a clockwisetimeline with icons overlaying points in time corresponding toaudit-type events between a party and a party-of-interest in accordancewith an embodiment of the present invention.

DETAILED DESCRIPTION

The subject matter of the present invention is described withspecificity herein to meet statutory requirements. However, thedescription itself is not intended to limit the scope of this patent.Rather, the inventors have contemplated that the claimed subject mattermight also be embodied in other ways, to include different steps orcombinations of steps similar to the ones described in this document, inconjunction with other present or future technologies. Moreover,although the terms “step” and/or “block” may be used herein to connotedifferent elements of methods employed, the terms should not beinterpreted as implying any particular order among or between varioussteps herein disclosed unless and except when the order of individualsteps is explicitly described.

Embodiments of the present invention are directed to methods, systems,and computer-storage media for presenting graphical representations oftime-ordered audit events. The time-ordered audit events may representinstances where electronic records associated with one or more partieshave been accessed by a party-of-interest during a specified time frame.As mentioned, the term “party-of-interest” refers to a person employedor associated with a facility maintaining an audit log and who hasaccess rights to electronic records kept by the facility. Exemplaryparties-of-interest include clinicians, bank officers, administrators,teachers, and the like. The term “party” refers to an entity whoreceives services provided by the facility. As such, the party may referto a customer, a patient, a student, and the like. The electronicrecords may include financial records, educational records, healthrecords, insurance records, and the like.

An exemplary computing environment suitable for use in implementingembodiments of the present invention is described below. FIG. 1 is anexemplary computing environment (e.g., medical-informationcomputing-system environment) with which embodiments of the presentinvention may be implemented. The computing environment is illustratedand designated generally as reference numeral 100. The computingenvironment 100 is merely an example of one suitable computingenvironment and is not intended to suggest any limitation as to thescope of use or functionality of the invention. Neither should thecomputing environment 100 be interpreted as having any dependency orrequirement relating to any single component or combination ofcomponents illustrated therein.

The present invention might be operational with numerous other purposecomputing system environments or configurations. Examples of well-knowncomputing systems, environments, and/or configurations that might besuitable for use with the present invention include personal computers,server computers, hand-held or laptop devices, multiprocessor systems,microprocessor-based systems, set top boxes, programmable consumerelectronics, network PCs, minicomputers, mainframe computers,distributed computing environments that include any of theabove-mentioned systems or devices, and the like.

The present invention might be described in the general context ofcomputer-executable instructions, such as program modules, beingexecuted by a computer. Exemplary program modules comprise routines,programs, objects, components, and data structures that performparticular tasks or implement particular abstract data types. Thepresent invention might be practiced in distributed computingenvironments where tasks are performed by remote processing devices thatare linked through a communications network. In a distributed computingenvironment, program modules might be located in association with localand/or remote computer storage media (e.g., memory storage devices).

With continued reference to FIG. 1, the computing environment 100comprises a computing device in the form of a control server 102.Exemplary components of the control server 102 comprise a processingunit, internal system memory, and a suitable system bus for couplingvarious system components, including data store 104, with the controlserver 102. The system bus might be any of several types of busstructures, including a memory bus or memory controller, a peripheralbus, and a local bus, using any of a variety of bus architectures.Exemplary architectures comprise Industry Standard Architecture (ISA)bus, Micro Channel Architecture (MCA) bus, Enhanced ISA (EISA) bus,Video Electronic Standards Association (VESA) local bus, and PeripheralComponent Interconnect (PCI) bus, also known as Mezzanine bus.

The control server 102 typically includes therein, or has access to, avariety of non-transitory computer-readable media. Computer-readablemedia can be any available media that might be accessed by controlserver 102, and includes volatile and nonvolatile media, as well as,removable and nonremovable media. By way of example, and not limitation,computer-readable media may comprise computer storage media andcommunication media. Computer storage media includes both volatile andnonvolatile, removable and non-removable media implemented in any methodor technology for storage of information such as computer-readableinstructions, data structures, program modules or other data. Computerstorage media includes, but is not limited to, RAM, ROM, EEPROM, flashmemory or other memory technology, CD-ROM, digital versatile disks (DVD)or other optical disk storage, magnetic cassettes, magnetic tape,magnetic disk storage or other magnetic storage devices, or any othermedium which can be used to store the desired information and which canbe accessed by control server 102. Communication media typicallyembodies computer-readable instructions, data structures, programmodules or other data in a modulated data signal such as a carrier waveor other transport mechanism and includes any information deliverymedia. The term “modulated data signal” means a signal that has one ormore of its characteristics set or changed in such a manner as to encodeinformation in the signal. By way of example, and not limitation,communication media includes wired media such as a wired network ordirect-wired connection, and wireless media such as acoustic, RF,infrared and other wireless media. Combinations of any of the aboveshould also be included within the scope of computer-readable media.

The control server 102 might operate in a computer network 106 usinglogical connections to one or more remote computers 108. Remotecomputers 108 might be located at a variety of locations in a medical orresearch environment, including clinical laboratories (e.g., moleculardiagnostic laboratories), hospitals and other inpatient settings,veterinary environments, ambulatory settings, medical billing andfinancial offices, hospital administration settings, home healthcareenvironments, and clinicians' offices. Clinicians may comprise atreating physician or physicians; specialists such as surgeons,radiologists, cardiologists, and oncologists; emergency medicaltechnicians; physicians' assistants; nurse practitioners; nurses;nurses' aides; pharmacists; dieticians; microbiologists; laboratoryexperts; laboratory technologists; genetic counselors; researchers;veterinarians; students; and the like. The remote computers 108 mightalso be physically located in nontraditional medical care environmentsso that the entire healthcare community might be capable of integrationon the network. The remote computers 108 might be personal computers,servers, routers, network PCs, peer devices, other common network nodes,or the like and might comprise some or all of the elements describedabove in relation to the control server 102. The devices can be personaldigital assistants or other like devices.

Computer networks 106 comprise local area networks (LANs) and/or widearea networks (WANs). Such networking environments are commonplace inoffices, enterprise-wide computer networks, intranets, and the Internet.When utilized in a WAN networking environment, the control server 102might comprise a modem or other means for establishing communicationsover the WAN, such as the Internet. In a networking environment, programmodules or portions thereof might be stored in association with thecontrol server 102, the data store 104, or any of the remote computers108. For example, various application programs may reside on the memoryassociated with any one or more of the remote computers 108. It will beappreciated by those of ordinary skill in the art that the networkconnections shown are exemplary and other means of establishing acommunications link between the computers (e.g., control server 102 andremote computers 108) might be utilized.

In operation, an organization might enter commands and information intothe control server 102 or convey the commands and information to thecontrol server 102 via one or more of the remote computers 108 throughinput devices, such as a keyboard, a pointing device (commonly referredto as a mouse), a trackball, or a touch pad. Other input devicescomprise microphones, satellite dishes, scanners, or the like. Commandsand information might also be sent directly from a remote healthcaredevice to the control server 102. In addition to a monitor, the controlserver 102 and/or remote computers 108 might comprise other peripheraloutput devices, such as speakers and a printer.

Although many other internal components of the control server 102 andthe remote computers 108 are not shown, such components and theirinterconnection are well known. Accordingly, additional detailsconcerning the internal construction of the control server 102 and theremote computers 108 are not further disclosed herein.

Turning now to FIG. 2, an exemplary computing system environment 200 isdepicted suitable for use in implementing embodiments of the presentinvention. The computing system environment 200 is merely an example ofone suitable computing system environment and is not intended to suggestany limitation as to the scope of use or functionality of embodiments ofthe present invention. Neither should the computing system environment200 be interpreted as having any dependency or requirement related toany single module/component or combination of modules/componentsillustrated therein.

The computing system environment 200 includes a graphical generator 210,a data store 212, and an end-user computing device 214 all incommunication with one another via a network 216. The network 216 mayinclude, without limitation, one or more local area networks (LANs) orwide area networks (WANs). The network 216 may be a secure networkassociated with a facility such as a healthcare facility, a financialinstitution, an educational institution, and the like. The securenetwork 216 may require that a user log in and be authenticated in orderto send and/or receive information over the network 216.

In some embodiments, one or more of the illustrated components/modulesmay be implemented as stand-alone applications. In other embodiments,one or more of the illustrated components/modules may be integrateddirectly into the operating system of the graphical generator 210. Thecomponents/modules illustrated in FIG. 2 are exemplary in nature and innumber and should not be construed as limiting. Any number ofcomponents/modules may be employed to achieve the desired functionalitywithin the scope of embodiments hereof. Further, components/modules maybe located on any number of servers. By way of example only, thegraphical generator 210 might reside on a server, a cluster of servers,or a computing device remote from one or more of the remainingcomponents.

It should be understood that this and other arrangements describedherein are set forth only as examples. Other arrangements and elements(e.g., machines, interfaces, functions, orders, and groupings offunctions, etc.) can be used in addition to or instead of those shown,and some elements may be omitted altogether. Further, many of theelements described herein are functional entities that may beimplemented as discrete or distributed components or in conjunction withother components/modules, and in any suitable combination and location.Various functions described herein as being performed by one or moreentities may be carried out by hardware, firmware, and/or software. Forinstance, various functions may be carried out by a processor executinginstructions stored in memory.

The data store 212 is configured to store information for use by, forexample, the graphical generator 210 and/or the end-user computingdevice 214. The information stored in association with the data store212 is configured to be searchable for one or more items of informationstored in association therewith. The information stored in associationwith the data store 212 may comprise general information used by thegraphical generator 210 and/or the end-user computing device 214.

In one aspect, the data store 212 may store audit logs kept by anentity. As used throughout this application, the term “audit log” or“audit trail” refers to chronological records of system activities thatenable the reconstruction and examination of the sequence of eventsand/or changes in an event. More specifically, the term audit log mayrefer to chronological records of customer electronic record access anddetails associated with such access. As described above, the entity mayinclude financial institutions, educational institutions, healthcarefacilities, and the like.

With respect to healthcare facilities, in addition to audit logs, thedata store 212 may store electronic medical records (EMRs) of patientsassociated with the healthcare facility. EMRs may comprise electronicclinical documents such as images, clinical notes, orders, summaries,reports, analyses, or other types of electronic medical documentationrelevant to a particular patient's condition and/or treatment.Electronic clinical documents contain various types of informationrelevant to the condition and/or treatment of a particular patient andcan include information relating to, for example, patient identificationinformation, images, alert history, culture results, physicalexaminations, vital signs, past medical histories, surgical histories,family histories, histories of present illnesses, current and pastmedications, allergies, symptoms, past orders, completed orders, pendingorders, tasks, lab results, other test results, patient encountersand/or visits, immunizations, physician comments, nurse comments, othercaretaker comments, and a host of other relevant clinical information.

The content and volume of such information in the data store 212 are notintended to limit the scope of embodiments of the present invention inany way. Further, though illustrated as a single, independent component,the data store 212 may, in fact, be a plurality of storage devices, forinstance, a database cluster, portions of which may reside on thegraphical generator 210, the end-user computing device 214, and/or anycombination thereof.

As shown, the end-user computing device 214 includes a display screen215. The display screen 215 is configured to display information to theuser of the end-user computing device 214, for instance, informationrelevant to communications initiated by and/or received by the end-usercomputing device 214, graphical representations of audit events, and/orthe like. Embodiments are not intended to be limited to visual displaybut rather may also include audio presentation, combined audio/visualpresentation, and the like. The end-user computing device 214 may be anytype of display device suitable for presenting a graphical userinterface. Such computing devices may include, without limitation, acomputer, such as, for example, any of the remote computers 108described above with reference to FIG. 1. Other types of display devicesmay include tablet PCs, PDAs, mobile phones, smart phones, as well asconventional display devices such as televisions. Interaction with thegraphical user interface may be via a touch pad, a pointing device,and/or gestures.

Components of the graphical generator 210 may include a processing unit,internal system memory, and a suitable system bus for coupling varioussystem components, including one or more data stores for storinginformation (e.g., files and metadata associated therewith). Thegraphical generator 210 typically includes, or has access to, a varietyof computer-readable media.

The computing system environment 200 is merely exemplary. While thegraphical generator 210 is illustrated as a single unit, it will beappreciated that the graphical generator 210 is scalable. For example,the graphical generator 210 may in actuality include a plurality ofcomputing devices in communication with one another. Moreover, the datastore 212, or portions thereof, may be included within, for instance,the graphical generator 210 as a computer-storage medium. The singleunit depictions are meant for clarity, not to limit the scope ofembodiments in any form.

As shown in FIG. 2, the graphical generator 210 comprises a receivingcomponent 218 and a rendering component 220. In some embodiments, one ormore of the components 218 and 220 may be implemented as stand-aloneapplications. In other embodiments, one or more of the components 218and 220 may be integrated directly into the operating system of acomputing device such as the remote computer 108 of FIG. 1. It will beunderstood that the components 218 and 220 illustrated in FIG. 2 areexemplary in nature and in number and should not be construed aslimiting. Any number of components may be employed to achieve thedesired functionality within the scope of embodiments hereof.

The receiving component 218 is configured to receive user selections,commands, filters, requests, or inputs. User selections and/or requestsmay include requests for graphical representations of audit events.Further, the user is able to select different views of the audit events.For instance, one request may be for a graphical representation ofelectronic records accessed by a party-of-interest during a specifiedtime frame. Another request may be for a graphical representation of allparties-of-interest who have accessed a specified party's electronicrecords during a specified time frame. An additional request may be fora graphical representation of a detail view of audit events relating toa specified party-of-interest and a party.

The rendering component 220 is configured to utilize audit logs storedin association with the data store 212 in order to respond to therequests received by the receiving component 218. As such, the renderingcomponent 220 is configured to render graphical representations of auditevents on a graphical user interface (GUI) that may be presented on thedisplay screen 215 of the end-user computing device 214.

Turning now to FIGS. 3-6, FIGS. 3-6 depict exemplary GUIs illustratingthe presentation of graphical representations of audit events. FIG. 3depicts a GUI 300 in which the party-of-interest is represented by acentral node 314 and one or more peripheral nodes, e.g., nodes 316 a,316 b, and 316 c, surrounding the central node 314 represent partieshaving electronic records accessed by the party-of-interest during aspecified time frame. Although only the nodes 316 a-c are numbered andreferenced in the GUI 300, the following discussion is applicable to allof the peripheral nodes shown in the GUI 300. The GUI 300 may beespecially useful in situations where a facility suspects that aparty-of-interest may be in violation of information securityrequirements.

The party-of-interest represented by the central node 314 and theparties represented by the peripheral nodes 316 a-c may be representedby circles as shown. Other ways of representing the party-of-interestand the parties are contemplated. For example, the nodes 314 and/or 316a-c may be represented by other geometric shapes such as squares,triangles, ovals, diamonds, and the like. Additionally, the nodes 314and/or 316 a-c may be represented by stylized icons corresponding to aperson, or a picture of the party or party-of-interest represented bythe node. Any and all such variations, and any combination thereof, arecontemplated as being within the scope of the invention. As well,depending on the amount of available screen real estate, theparty-of-interest and/or the parties' names may be presented inassociation with the nodes 314 and/or 316 a-c.

Arrows, such as arrow 318 indicate a direction of access. For example,the arrow 318 indicates that the party-of-interest represented by thecentral node 314 accessed the electronic record of the party representedby the peripheral node 316 a instead of vice versa.

The GUI 300 further includes timelines 310 and 312. The timeline 310represents a coarse-grained timeline covering a time period from theinception of the audit log to the current point in time. The timeline310 includes a bi-directional slider 311 that enables a user to select atime period in months and years. The timeline 312 represents afine-grained timeline having a range corresponding to the range selectedby the slider 311 on the coarse-grained timeline 310. The timeline 312includes a bi-directional slider 313 that enables a user to select atime period in months and days. The use of timelines 310 and 312 enablesa user to quickly narrow in on the time period in question.

Changing the specified time frame using either the bi-directional slider311 and/or the bi-directional slider 313 causes the number of peripheralnodes presented on the GUI 300 to automatically update in real time. Forexample, a user may initially select a time frame corresponding to Apr.1, 2011-May 1, 2011. In response to the selection, a first set ofperipheral nodes is presented corresponding to parties having electronicrecords accessed during the selected time frame by the party-of-interestrepresented by the central node 314. The user may then select a timeframe corresponding to Apr. 1, 2011-Aug. 1, 2011. The number ofperipheral nodes may dynamically increase because the number ofelectronic records accessed by the party-of-interest would likely begreater since the time span is longer.

The size of the peripheral nodes, such as the peripheral nodes 316 a,316 b, and 316 c, represents the frequency with which the node'srespective electronic record was accessed by the party-of-interest. Inone aspect, a larger-sized node indicates a greater frequency of accessand a smaller-sized node indicates a lesser frequency of access. Thus,with respect to FIG. 3, the party's electronic record associated withthe peripheral node 316 c has been accessed at a higher frequency thanthe electronic records associated with the peripheral nodes 316 a and316 b. In another aspect, a larger-sized node indicates a lesserfrequency of access and a smaller-sized node indicates a greaterfrequency of access. Any and all such aspects, and any combinationthereof, are contemplated as being within the scope of the invention.

Each of the nodes 314 and 316 a-c is actionable. Interaction via, forexample, hovering over the central node 314 and/or peripheral nodes 316a-c may initiate the presentation of user-identifying information forthe party and/or party-of-interest represented by the node. With respectto the party-of-interest represented by the central node 314,user-identifying information may include name, role description, accessrights associated with the party-of-interest, how long theparty-of-interest has been associated with the company maintaining theaudit logs, and the like. With respect to the parties represented by theperipheral nodes 316 a-c, user-identifying information may include name,date-of-birth, address, gender, identifiers (e.g., customer ID), date ofservice, and the like.

Selection via, for example, a right or left mouse click and/or a tappinggesture of a peripheral node such as the peripheral node 316 a, mayautomatically initiate a new GUI such as the GUI shown in FIG. 4, or mayinitiate the presentation of a set of options. One option may be for thepresentation of a GUI where the party represented by the selectedperipheral node 316 a is presented as the central node and peripheralnodes represent parties-of-interest who have accessed the party'selectronic records during a specified time frame (e.g., the GUI shown inFIG. 4). Another option may be for the presentation of a GUI wheredetails concerning the audit events between the party represented by theselected peripheral node 316 a and the party-of-interest represented bythe central node 314 are depicted on a circular timeline (e.g., the GUIshown in FIG. 5).

Although not shown, the GUI 300 may also include an area that presentsone or more filters. Selection of a filter restricts the peripheralnodes to those nodes that meet the filter criteria. Exemplary filtersmay include filters based on the gender of the party represented by theperipheral nodes, filters corresponding to party roles (employee,customer, etc.), filters corresponding to specific types of audit eventssuch as accessing an electronic record to place an order, make a changeto a document, or create a new document, filters based on location suchas the venue or facility in which the audit event took place, filterscorresponding to a IP address or a device ID that indicate the deviceused to access the electronic record, and/or customized filters. Adisplayed filter may be presented in association with a numericalindicator (displayed adjacent to the filter name) that provides anindication of the number of results in the result set for that filter.For instance, “Female (17)” indicates that there are 17 results in theresult set for the female filter. Using healthcare as an example, ahealthcare facility may suspect that Clinician A is improperlyprescribing narcotic medications. The healthcare facility may select amedication filter that restricts the peripheral nodes to those patientswhose EMRs were accessed by Clinician A in order to prescribe narcoticmedications.

Turning now to FIG. 4, FIG. 4 depicts a GUI 400 where a central node 414represents a party and one or more peripheral nodes surrounding thecentral node 414, e.g., peripheral nodes 416 a and 416 b, representparties-of-interest who have accessed the party's electronic recordduring a specified time frame. Although only the peripheral nodes 416 aand 416 b are numbered and referenced in the GUI 400, the discussionthat follows is applicable to all of the peripheral nodes shown in theGUI 400. The GUI 400 may be presented in response to a selection of oneof the options discussed with respect to the GUI 300 (e.g., the optionsthat are presented when a user selects or otherwise interacts with oneof the peripheral nodes 316 a-c). The GUI 400 may be especially usefulin those situations where the party represented by the central node 414alleges a privacy breach, and the facility wishes to viewparties-of-interest who have accessed the party's electronic recordsduring a specified time frame. Arrows, such as arrow 418, represent thedirection of access of the electronic record. For example, the arrow 418indicates that the party-of-interest associated with the node 416 aaccessed the electronic record of the party represented by the centralnode 414 and not vice versa.

Like above, the party and the parties-of-interest may be represented bycircles as shown. Other ways of representing the party and theparties-of-interest include other geometric shapes, icons, pictures, andthe like. The name of the party and/or the parties-of-interest may bepresented on the central node 414 and/or the peripheral nodes 416 a-bwhen space permits.

The GUI 400 also includes timelines 410 and 412 similar to the timelines310 and 312 of FIG. 3. The timelines 410 and 412 will reflect the sametimeframes as those selected using the timelines 310 and 312 unlessotherwise changed by the user. Thus, the timeline 410 represents acoarse-grained timeline covering a time frame from the inception of theaudit log to the current point in time. The timeline 410 includes abi-direction slider 411 that enables the selection of a time period inmonths and years. The timeline 412 represents a fine-grained timelinehaving a range corresponding to the range selected by the slider 411.The timeline 413 also includes a bi-directional slider 413 that enablesthe selection of a time period in days and months. Changing thespecified time frame using the bi-directional sliders 411 and/or 413causes the peripheral nodes to dynamically update to reflect theparties-of-interest that have accessed the party's electronic recordduring the new time frame.

The size of the peripheral nodes, such as the peripheral nodes 416 a-b,reflects the frequency with which the parties-of-interest represented bythe peripheral nodes 416 a-b have accessed the party's electronicrecord. In one aspect, a larger-sized peripheral node indicates agreater frequency of access and a smaller-sized peripheral nodeindicates a lesser frequency of access. Thus, with respect to FIG. 4,the party-of-interest represented by the peripheral node 416 a hasaccessed the party's electronic record more frequently than theparty-of-interest represented by the peripheral node 416 b. In anotheraspect, a smaller-sized peripheral node indicates a greater frequency ofaccess and a larger-sized node indicates a lesser frequency of access.Any and all such variations, and any combination thereof, arecontemplated as being within the scope of the invention.

Each of the nodes 414 and 416 a-b is actionable. Interaction via, forexample, hovering over the central node 414 and/or peripheral nodes 416a-b may initiate the presentation of user-identifying information forthe party and/or party-of-interest represented by the node. With respectto the party represented by the central node 414, user-identifyinginformation may include name, date-of-birth, address, gender,identifiers (e.g., customer ID), date of service, and the like. Withrespect to the parties-of-interest represented by the peripheral nodes416 a-b, user-identifying information may include name, roledescription, access rights associated with the party-of-interest, howlong the party-of-interest has been associated with the companymaintaining the audit log, and the like.

Selection via, for example, a right or left mouse click and/or a tappinggesture of a peripheral node such as the peripheral node 416 a, mayautomatically initiate the presentation of a new GUI such as the GUIshown in FIG. 5, or may initiate the presentation of a set of options.One option may be for the presentation of a GUI corresponding to the GUI300 where the central node represents the party-of-interest associatedwith the peripheral node 416 a. Another option may be for thepresentation of a GUI, such as the GUI shown in FIG. 5, where detailsconcerning the audit events between the party represented by the centralnode 414 and the party-of-interest represented by the peripheral node416 a are depicted on a circular timeline.

The GUI 400 may also include filters (not shown). Selection of a filterrestricts the peripheral nodes to those nodes that meet the requirementsof the selected filter. The filters associated with the GUI 400 may bethe same or different than the filters associated with the GUI 300.Exemplary filters may include gender filters, role filters, types ofaudit events, location filters, device or IP address filters, and/orcustomized filters. An additional filter that may be used in the contextof the GUI 400 includes a filter that specifies parties-of-interest.Like above, a numerical indicator may be displayed alongside the filtername to provide an indication of the number of results in the result setfor that filter.

FIG. 5 depicts a GUI 500 that presents a detailed view of audit eventsrelated to a specified party and a specified party-of-interest. The GUI500 may be initiated in response to a selection of an option asdescribed with respect to the GUI 300 or the GUI 400. The GUI 500includes a first display area 514 that indicates the specified party andthe specified party-of-interest (in this case, the specifiedparty-of-interest is Dr. Robert Smith and the specified party is MaryThomas). The party and the party-of-interest may be indicated by theirrespective names. Other ways of indicating the party and theparty-of-interest may include icons or pictures. An arrow 515 in thefirst display area 514 depicts a direction of access. For example, thearrow 515 indicates that Dr. Robert Smith accessed patient Mary Thomas'EMR.

The GUI 500 also includes timelines 510 and 512 which are similar to thetimelines 410 and 412 of FIG. 4 and the timelines 310 and 312 of FIG. 3.The timelines 510 and 512 represent the same timeframe as selected usingthe timelines 410 and 412 and/or the timelines 310 and 312 unlessotherwise changed by the user. As such, the timeline 510 comprises acoarse-grained timeline that enables selection of a time period inmonths and years by using a bi-directional slider 511. Likewise, thetimeline 512 represents a fine-grained timeline that enables selectionof a time period in months and days using a bi-directional slider 513.Changing the time period using the bi-directional sliders 511 and/or 513causes the GUI 500 to automatically update to reflect audit eventscorresponding to the new time period.

The GUI 500 further comprises a circular timeline 516 surrounding thefirst display area 514; the circular timeline 516 has bounds 518 and 520corresponding to the time period selected by the bi-directional sliders511 and 513. Overlaying the circular timeline 516 at distinct points intime are one or more icons, e.g., icons 522, 524, 526, and 528,representing one or more audit events that occurred at that respectivepoint in time. Different types of audit events may be represented bydifferent types of icons. For example, the icon 522 (e.g., a square) mayrepresent an electronic record access to place an order, and the icon524 (e.g., a star) may represent an electronic record access to modifyan existing record. Likewise, the icon 526 (e.g., a hexagon) mayrepresent an electronic record access to create a new document, and theicon 528 (e.g., a circle) may represent an electronic record accesswhere no action was taken. A legend may be provided in association withthe GUI 500 detailing the different type of audit events associated withthe icons. The types of audit events described and the shape of theicons 522, 524, 526, and 528, are merely exemplary. Other types of auditevents and other shapes of icons are contemplated and are within thescope of the current invention.

Hovering over or otherwise interacting with the icons 522, 524, 526, and528, initiates a quick summary view of the audit event associated withthe icon. For example, hovering over the icon 522 may initiate thesummary “ordered ibuprofen 400 mg, b.i.d. on 01/26/2011 at 8:43 am.”Selecting an icon, such as the icon 522, may initiate a detailed view ofthe audit event. For example, selecting an icon may cause thepresentation of the portion of the electronic record corresponding tothe icon. Using the example above, selecting the icon 522 may initiatethe presentation of the patient's EMR corresponding to the orderingevent.

The present invention has been described in relation to particularembodiments, which are intended in all respects to be illustrativerather than restrictive. Further, the present invention is not limitedto these embodiments, but variations and modifications may be madewithout departing from the scope of the present invention.

What is claimed is:
 1. One or more computer-storage media havingcomputer-executable instructions embodied thereon that, when executed bya computing device, cause the computing device to generate a graphicaluser interface (GUI) for visually representing time-ordered audit eventsrelated to a party-of-interest, the GUI comprising: at least a firsttimeline configured to enable selection of a time period; a firstactionable central node representing the party-of-interest; and a firstset of actionable peripheral nodes surrounding the central node, eachperipheral node of the first set of peripheral nodes representing aparty having an electronic record accessed by the party-of-interestduring the selected time period.
 2. The GUI of claim 1, wherein a sizeassociated with each peripheral node of the first set of peripheralnodes is dependent upon a frequency of access of the each peripheralnode's respective electronic record by the party-of-interest.
 3. The GUIof claim 2, wherein a larger size is associated with a greater frequencyof access of the each peripheral node's respective electronic record,and wherein a smaller size is associated with a lesser frequency ofaccess of the each peripheral node's respective electronic record. 4.The GUI of claim 2, wherein a larger size is associated with a lesserfrequency of access of the each peripheral node's respective electronicrecord, and wherein a smaller size is associated with a greaterfrequency of access of the each peripheral node's respective electronicrecord.
 5. The GUI of claim 2, wherein the first set of peripheral nodesupdates in real time upon selection of a different time period.
 6. TheGUI of claim 2, wherein the first central node and the first set ofperipheral nodes are graphically represented by a circle.
 7. The GUI ofclaim 2, wherein interaction with each peripheral node of the first setof peripheral nodes initiates presentation of an identity of theperipheral node's respective party.
 8. The GUI of claim 2, whereinselection of a peripheral node of the first set of peripheral nodesinitiates presentation of a second GUI, the second GUI comprising: atleast the first timeline configured to enable selection of a timeperiod; a first display area configured to present an indication of theparty-of-interest and the party associated with the selected peripheralnode; and a clockwise timeline having one or more icons overlaid atpoints in time, each icon of the one or more icons representing an auditevent between the party-of-interest and the party associated with theselected peripheral node, the clockwise timeline having boundscorresponding to the selected time period.
 9. The GUI of claim 2,wherein selection of a peripheral node of the first set of peripheralnodes initiates presentation of a second GUI, the second GUI comprising:at least the first timeline configured to enable selection of a timeperiod; a second actionable central node representing the partyassociated with the selected peripheral node; and a second set ofactionable peripheral nodes surrounding the central node, eachperipheral node of the second set of peripheral nodes representing aparty-of-interest who has accessed the party's electronic record duringthe selected time period.
 10. One or more computer-storage media havingcomputer-executable instructions embodied thereon that, when executed bya computing device, cause the computing device to generate a graphicaluser interface (GUI) for visually representing an audit log historyrelated to a clinician, the GUI comprising: at least a first timelineconfigured to enable the selection of a time period; a first actionablecentral node representing the clinician; and a first set of actionableperipheral nodes surrounding the first central node, each peripheralnode of the first set of peripheral nodes representing a patient havingan electronic medical record (EMR) accessed by the clinician during theselected time period.
 11. The GUI of claim 10, wherein a size associatedwith each peripheral node of the first set of peripheral nodes indicatesa frequency of access of the patient's EMR during the selected timeperiod.
 12. The GUI of claim 11, wherein a larger size indicates ahigher frequency of access of the patient's EMR during the selected timeperiod, and wherein a smaller size indicates a lesser frequency ofaccess of the patient's EMR during the selected time period.
 13. The GUIof claim 11, wherein a smaller size indicates a higher frequency ofaccess of the patient's EMR during the selected time period, and whereina larger size indicates a lesser frequency of access of the patient'sEMR during the selected time period.
 14. The GUI of claim 10, whereineach peripheral node of the first set peripheral nodes is connected tothe first central node by an arrow, each arrow pointing in a directionof access of the peripheral node's respective EMR.
 15. The GUI of claim10, wherein selection of a peripheral node of the first set ofperipheral nodes initiates presentation of a second GUI, the second GUIcomprising: at least the first timeline configured to enable selectionof a time period; a second actionable central node representing thepatient associated with the selected peripheral node; and a second setof peripheral nodes surrounding the second central node, each peripheralnode of the second set of peripheral nodes representing a clinician whoaccessed the patient's EMR during the selected time period.
 16. The GUIof claim 15, wherein a size associated with each peripheral node of thesecond set of peripheral nodes indicates a frequency of access of thepatient's EMR by the peripheral node's respective clinician.
 17. The GUIof claim 10, further comprising one or more filters each filterrepresenting a different type of audit event, selection of whichrestricts the first set of peripheral nodes to patients having an EMRaccessed by the clinician for the selected type of audit event.
 18. Oneor more computer-storage media having computer-executable instructionsembodied thereon that, when executed by a computing device, cause thecomputing device to generate a graphical user interface (GUI) forvisually representing a time-ordered sequence of audit events related toa clinician and a patient, the GUI comprising: at least a first timelineconfigured to enable selection of a time period; a first display areaconfigured to present an indication of the clinician and the patient,the patient having an electronic medical record (EMR) accessed by theclinician; a clockwise timeline having one or more icons overlaid atpoints in time where the patient's EMR was accessed by the clinician,the clockwise timeline having bounds corresponding to the selected timeperiod.
 19. The GUI of claim 18, wherein each icon of the one or moreicons represents a different type of audit event.
 20. The GUI of claim19, wherein interaction with each of the one or more icons initiatespresentation of a patient-specific summary associated with the auditevent represented by the icon.